
WannaCry Ransomware Code Similar to Contopee, Are SWIFT Hackers/Lazarus Group to Blame?

Last updated on May 19th, 2017 at 08:47 am EST

Remember the SWIFT hackers, the peeps behind the Bangladesh Bank heist of 2016? That heist resulted in hackers stealing $81 million from the Bangladesh central bank’s account at the New York Federal Reserve in just hours. After almost a year of investigation, the FBI said it was a state-sponsored attack and that North Korea was behind it. Also remember the Lazarus Group, the hackers behind the Sony Pictures hack, who have been linked to North Korea and the Bangladesh Bank heist. Looks like those hackers are back, and could very well be behind the WannaCry ransomware hack.


A few hours ago, Neel Mehta, a security researcher at Google, posted the below tweet with the #WannaCryptAttribution hashtag. What did he mean? He wanted to highlight the similarities between WannaCry ransomware code from February 2017 and Lazarus Group code from February 2015.

Security researcher Matthieu Suiche then started looking into the code of WannaCry Ransomware and also noticed similarities with Contopee malware. Contopee malware is one of the backdoors belonging to Lazarus Group.

Symantec has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

[Images: WannaCry and Contopee code comparison]

Now, we are no experts at disassembled code, but we do see the similarities in the code with the naked eye and zero knowledge of machine language.


Matthieu was not the only one to find similarities; Kaspersky Director Costin Raiu has also found similarities between WannaCry and Contopee malware.

Is the Lazarus Group behind WannaCry ransomware or is it some other hacking group/hacker imitating their code? What do you peeps think?
